Google Git
Sign in
go / oauth2 / 13449ad91cb26cb47661c1b080790392170385fd
commit13449ad91cb26cb47661c1b080790392170385fd[log] [tgz]
authorAeneas Rekkas (arekkas) <aeneas@ory.am>Thu Jun 22 17:12:08 2017 +0200
committerJBD <jbd@google.com>Tue Sep 12 21:29:05 2017 +0000
tree361e8f2666760579192243e78f89b7a4064c7ace
parentd89af98d7c6bba047c5a2622f36bc14b8766df85 [diff]
internal: urlencode client id and secret in header

As per https://tools.ietf.org/html/rfc6749#section-2.3.1 client IDs and secrets must be urlencoded in the authorization header. This patch addresses this by wrapping clientID and clientSecret with url.QueryEscape. A dedicated test for unsafe-url client IDs and secrets has been added as well.

Closes #237

Change-Id: I1f277b52caef4932e14147be8fb1712203da51d0
Reviewed-on: https://go-review.googlesource.com/46473
Reviewed-by: JBD <jbd@google.com>
2 files changed
tree: 361e8f2666760579192243e78f89b7a4064c7ace
  1. amazon/
  2. bitbucket/
  3. clientcredentials/
  4. facebook/
  5. fitbit/
  6. foursquare/
  7. github/
  8. google/
  9. heroku/
  10. hipchat/
  11. internal/
  12. jws/
  13. jwt/
  14. linkedin/
  15. mediamath/
  16. microsoft/
  17. odnoklassniki/
  18. paypal/
  19. slack/
  20. uber/
  21. vk/
  22. yandex/
  23. .travis.yml
  24. AUTHORS
  25. client_appengine.go
  26. CONTRIBUTING.md
  27. CONTRIBUTORS
  28. example_test.go
  29. LICENSE
  30. oauth2.go
  31. oauth2_test.go
  32. README.md
  33. token.go
  34. token_test.go
  35. transport.go
  36. transport_test.go
README.md

OAuth2 for Go

Build Status GoDoc

oauth2 package contains a client implementation for OAuth 2.0 spec.

Installation

go get golang.org/x/oauth2

Or you can manually git clone the repository to $(go env GOPATH)/src/golang.org/x/oauth2.

See godoc for further documentation and examples.

App Engine

In change 96e89be (March 2015), we removed the oauth2.Context2 type in favor of the context.Context type from the golang.org/x/net/context package

This means it‘s no longer possible to use the “Classic App Engine” appengine.Context type with the oauth2 package. (You’re using Classic App Engine if you import the package "appengine".)

To work around this, you may use the new "google.golang.org/appengine" package. This package has almost the same API as the "appengine" package, but it can be fetched with go get and used on “Managed VMs” and well as Classic App Engine.

See the new appengine package's readme for information on updating your app.

If you don't want to update your entire app to use the new App Engine packages, you may use both sets of packages in parallel, using only the new packages with the oauth2 package.

import (
	"golang.org/x/net/context"
	"golang.org/x/oauth2"
	"golang.org/x/oauth2/google"
	newappengine "google.golang.org/appengine"
	newurlfetch "google.golang.org/appengine/urlfetch"

	"appengine"
)

func handler(w http.ResponseWriter, r *http.Request) {
	var c appengine.Context = appengine.NewContext(r)
	c.Infof("Logging a message with the old package")

	var ctx context.Context = newappengine.NewContext(r)
	client := &http.Client{
		Transport: &oauth2.Transport{
			Source: google.AppEngineTokenSource(ctx, "scope"),
			Base:   &newurlfetch.Transport{Context: ctx},
		},
	}
	client.Get("...")
}

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.

The main issue tracker for the oauth2 repository is located at https://github.com/golang/oauth2/issues.